Bill penalizing consumer data breaches introduced in Senate

Most Read

While it is true that a timeshare contract is a binding legal document, it is often mistakenly thought that such a contract cannot only be cancelled. In fact, most timeshare companies maintain that their contracts are non – cancellable. This misconception is perpetuated by timeshare companies and user groups that are funded, maintained and controlled by the timeshare industry.

The FHA 203k loan program provides home buyers the opportunity to buy and fix up a property, without exhausting their personal savings.

A bill that would impose strict penalties on credit reporting agencies for data breaches involving data has been introduced in the Senate.

The Data Breach Prevention and Compensation Act, which was introduced by Senators Elizabeth Warren (D-Mass.) and Mark Warner (D-Va.), would also give the Federal Trade Commission (FTC) more direct supervisory authority over data security at credit reporting agencies.

Under the bill, an Office of Cybersecurity would be established at the FTC. The office would conduct annual inspections and supervision of cybersecurity at credit reporting agencies. Additionally, the office would be required to impose mandatory strict liability penalties for consumer data breaches.

The bill proposes a base penalty of $100 for each consumer who had one piece of personal identifying information (PII) compromised. Another $50 will be meted for each additional PII compromised per consumer.

Additionally, the proposed legislation would require the FTC to use 50% of the penalty to compensate consumers. In cases where the credit reporting agency had inadequate cybersecurity or failed to timely notify the FTC of a breach, the FTC has the power to increase penalties.

The introduction of the bill follows the announcement by Equifax in September 2017 that the data of more than 145 million American consumers were compromised when hackers stole personal information such as Social Security Numbers, birth dates, credit card numbers, driver's license numbers, and passport numbers. Under the bill, Equifax would have had to pay at least a $1.5 billion penalty for the breach.

"The financial incentives here are all out of whack - Equifax allowed personal data on more than half the adults in the country to get stolen, and its legal liability is so limited that it may end up making money off the breach," Warren said. "Our bill imposes massive and mandatory penalties for data breaches at companies like Equifax – and provides robust compensation for affected consumers – which will put money back into peoples' pockets and help stop these kinds of breaches from happening again."